All a matter of how you output the message tracking logs. Here's one I use to
track users that exceed 200 recipients in more than 50 messages in an hour.
Useful for determining if someone has been phished. Just one example of using
PowerShell to analyze the logs.
## Begin ##
Add-PSSnapin *exchange*
$time = (Get-Date).AddHours(-1)
$bad = 0
$Senders = Get-ClientAccessServer | Get-MessageTrackingLog -Start $time
-ResultSize unlimited | Where-Object {$_.EventID -like 'SEND'-and $_.Sender
-match "^...@uwgb.edu"} | Group-Object -Property "Sender" | sort Count
$messagepriority = "Normal"
foreach ($sender in $senders)
{
$sender | add-member -MemberType NoteProperty -name
RecipientCount -value 0
$sender.group | foreach {$sender.RecipientCount +=
$_.Recipients.Count}
if ($sender.RecipientCount -gt 200 -and
$sender.count -gt 50)
{
$messagePriority = "High"
$bad = 1
}
}
$senders2 = $senders | sort RecipientCount
$body = $Senders[-1..-15] | select Name,Count,RecipientCount
$body += "<br>"
$body += "<br>"
$body += "<br>"
$body += $Senders2[-1..-15] | select Name,Count,RecipientCount
$body = $body | ConvertTo-Html
### Email Results Normal Priority ###
function sendmail([string] $body)
{
$SmtpClient = new-object system.net.mail.smtpClient
$MailMessage = New-Object system.net.mail.mailmessage
$SmtpClient.Host = "mailhost.domain.com"
$mailmessage.from = "topsend...@domain.com"
$mailmessage.To.add("adm...@domain.com")
$mailmessage.Subject = "Critical attention needed, possible phished user!"
$MailMessage.IsBodyHtml = $True
$mailmessage.Body = $body
$mailmessage.Priority = $MessagePriority
$smtpclient.Send($mailmessage)
}
if ($bad -eq 1)
{
sendmail($body)
}
## End ##
-------------------------------------------------
Thank you,
Pete Kretche
MCP, A+, HP APS
Senior Network/Systems Administrator
E-mail Administrator
UW - Green Bay
From: Paul Cookman [mailto:paul.cook...@selection.co.uk]
Sent: Thursday, September 30, 2010 6:11 AM
To: MS-Exchange Admin Issues
Subject: RE: Email count.
Great,
Thanks I will look into the free product.
Any ideas of power shell commands? Sounds interesting..
From: Kretche, Peter [mailto:kretc...@uwgb.edu]
Sent: 30 September 2010 12:04
To: MS-Exchange Admin Issues
Subject: RE: Email count.
Promodag makes a freeware product called StoreLog that can do some basic
analysis. It uses Access as a backend DB so it's rather limited in many
regards but if you're just looking for basics, it's worth a look. You could
always use Powershell to query the log files and do various output.
-------------------------------------------------
Thank you,
Pete Kretche
MCP, A+, HP APS
Senior Network/Systems Administrator
E-mail Administrator
UW - Green Bay
From: Paul Cookman [mailto:paul.cook...@selection.co.uk]
Sent: Thursday, September 30, 2010 4:07 AM
To: MS-Exchange Admin Issues
Subject: Email count.
I am looking for a way to report on email count between users, I have seen
Promadag but was wondering any one new of a free way or better way.
Regards.
---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe exchangelist
---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe exchangelist
--
This message has been scanned for viruses and
dangerous content by MailScanner,
and is believed to be clean.
---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to
listmana...@lyris.sunbeltsoftware.com<mailto:listmana...@lyris.sunbeltsoftware.com>
with the body: unsubscribe exchangelist
---
To manage subscriptions click here:
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe exchangelist
